July 2026 Release Notes
The Command Platform release notes include information about what’s new, which are updated monthly, and improvements and fixes, which are updated weekly.
Last updated: July 6, 2026
Improvements and Fixes
Keep track of improvements and fixes to core technology.
Application Security (InsightAppSec) and AppSpider
No updates released at this time.
Attack Surface Management (Surface Command)
Version 1.0.926
Software release date: July 2, 2026 | Release notes published: July 6, 2026
Improved:
- Executed queries now display 25 results instead of 10 for better readability.
Connectors
The following connectors were updated in the Extension Library since the previous release. Connector updates are published independently and may have been available before this release date.
Updated Connectors
- BigFix: Fixed a packaging error.
- EZO AssetSonar:
- Fixed schema type mismatches in
EzoAssetSonarMember. - Added previously undeclared API fields to
EzoAssetSonarAsset. - Pinned dependencies.
- Fixed schema type mismatches in
- IGEL UMS: Fixed a schema validation error for
IgelUmsDevice. - Kaseya VSA 10: Added Applied Policies enrichment with the M1051 (Update Software) mitigation.
- Kaseya VSA 9: Added the M1051 (Update Software) mitigation to
KaseyaVSA9Agentusing the patch scan status API. - ManageEngine ServiceDesk Plus: Added schema validation for the
ManageEngineServiceDeskUsertype. - Matrix42 CMDB: Added Asset filter to only import assets with an operational status of Active.
- Nozomi Vantage:
- Added Nozomi certification headers (
nn-appandnn-app-version) to all requests. - Added retry handling for API throttling responses (HTTP 429 and HTTP 503).
- Improved vulnerability pagination and deduplication handling.
- Added Nozomi certification headers (
- SolarWinds IT Asset Management: Fixed hostname correlation.
Cloud Security (InsightCloudSec)
Release availability for self-hosted users
Self-hosted users are able to download the latest version usually 4 business days after SaaS users are upgraded from the following locations:
- Terraform deployments: Public S3 bucket . Modules can be updated with the
terraform get -updatecommand. - Amazon Elastic Container Repository (ECR) deployments: You can obtain the ECR build images for this version from the InsightCloudSec ECR Gallery
Version 26.7.7
Software release date: July 7, 2026 | Release notes published: July 6, 2026
Improved
- Added background job
OrphanedCredentialCleanupthat removes orphaned cloud credentials daily or on-demand. These orphaned credentials are unused by harvesting or other portions of the product.
New Insights
- Ensure EC2 Auto Scaling Groups Propagate Tags to Launched Instances (Insight ID 2582) - Detects AWS Auto Scaling Groups where one or more tags are not configured to propagate to the EC2 instances they launch. This aligns with CIS AWS Compute Services Benchmark control 2.14.
- Supported Clouds: AWS, AWS China, AWS GovCloud.
- Compliance Pack Mappings: CIS Controls v8.1.2 (1.1), NIST 800-53 Rev 5 (CM-8, CM-8(1), PM-5), NIST 800-171 (3.4.1, 3.4.9, 3.12.4), NIST CSF 2.0 (ID.AM-01, ID.AM-07), CMMC Level 2 (CM.L2-3.4.1, CA.L2-3.12.4).
- After re-harvesting, Auto Scaling Groups will show tag propagation compliance status. Groups with no tags are considered compliant. Groups not yet re-harvested will show as “unknown” and will not trigger findings.
- Volume Not Marked for Deletion on Instance Termination (Insight ID 2591) - Identifies EBS Volumes attached to EC2 Instances that are not configured for automatic deletion upon Instance Termination, helping reduce orphaned resources and potential data exposure. Aligned with CIS AWS Compute Services Benchmark Control 2.12.
- Compliance Pack Mappings: CIS Controls v8.1.2, NIST SP 800-53 Rev. 5, NIST SP 800-171 Rev. 2, NIST CSF v2.0, and CMMC Level 2.
- Instance Using Default Security Group - Identifies AWS EC2 Instances that are associated with a default security group rather than a specified custom security group.
- Cloud Account Organization Without Tag Policy Enabled - Identifies management Cloud Accounts whose AWS Organization does not have Tag Policies enabled.
New Query Filters
- Autoscaling Group Not Propagating Tags at Launch - Identifies Auto Scaling Groups where tags are not configured to propagate to launched instances.
- Supported Clouds: AWS, AWS China, AWS GovCloud.
- Cloud Account Organization Tag Policy Status - Identifies management Cloud Accounts based on Tag Policy enablement status at the Organization root.
New Compliance Pack
- Added CIS Red Hat OpenShift Container Platform Benchmark v1.9.0 compliance pack.
Fixed
- Fixed Cache Instance Auth Token Disabled Query Filter false positive. The filter now correctly inherits
auth_tokenconfiguration. - Fixed Resource Associated With Public Subnet Query Filter to correctly detect ElastiCache public subnet associations in CloudFormation Template (CFT) scans.
- Fixed an error that could cause IaC scan listing to fail with a database session error.
- Fixed an issue where resources with exceptions were not showing on the misconfiguration UI and export.
- Resolved intermittent Azure snapshot harvesting failures. Fixed an issue where the Azure snapshot harvester could intermittently fail with a
NotImplementedError, preventing snapshot data from being collected during affected harvest runs.- The snapshot harvesting method is now defined directly on the Azure backend class, consistent with how all other cloud providers (AWS, GCP, AliCloud, Oracle) are implemented.
- No changes to harvested data or behavior — runs that previously succeeded continue to work identically.
Mimics Infrastructure as Code (IaC) Scanning Tool
No updates released at this time.
SIEM (InsightIDR)
No updates released at this time.
Vulnerability Management (InsightVM)
Version 8.51.0
Software release date: July 6, 2026 | Release notes published: July 6, 2026
Improved:
- Enhanced Oracle Access Management fingerprinting to improve patch version identification and reporting accuracy.
- Improved scan logging for custom service names configuration issues, providing clearer messages when files are missing or cannot be parsed to simplify troubleshooting.
- Strengthened the overall security posture of the Security Console by upgrading the bundled Axios library to the latest supported minor version.
- Improved the performance and responsiveness of the Asset Search API, particularly for larger Security Console deployments.
- Added built-in policy support for:
- DISA STIG Microsoft SQL Server Database 2022 Benchmark V1R3
- DISA STIG Microsoft SQL Server Instance 2022 Benchmark V1R4
Fixed:
- Resolved an issue where the GET Scan Engine Sites API returned an incomplete value for scanTemplateName. The endpoint now returns the expected scan template name.
- Fixed an issue where CSV vulnerability reports did not include tabular solution content, such as Windows Registry settings and configuration values. This information is now exported correctly.
- Resolved an issue affecting Extensible Ingress when using a console proxy. Exposure Analytics traffic now correctly routes through the configured proxy, including authenticated proxies. A Security Console restart is required when using an authenticated proxy.
Nexpose
Nexpose Version 8.51.0
Software release date: July 6, 2026 | Release notes published: July 6, 2026
Improved:
- Enhanced Oracle Access Management fingerprinting to improve patch version identification and reporting accuracy.
- Improved scan logging for custom service names configuration issues, providing clearer messages when files are missing or cannot be parsed to simplify troubleshooting.
- Strengthened the overall security posture of the Security Console by upgrading the bundled Axios library to the latest supported minor version.
- Improved the performance and responsiveness of the Asset Search API, particularly for larger Security Console deployments.
- Added built-in policy support for:
- DISA STIG Microsoft SQL Server Database 2022 Benchmark V1R3
- DISA STIG Microsoft SQL Server Instance 2022 Benchmark V1R4
Fixed:
- Resolved an issue where the GET Scan Engine Sites API returned an incomplete value for scanTemplateName. The endpoint now returns the expected scan template name.
- Fixed an issue where CSV vulnerability reports did not include tabular solution content, such as Windows Registry settings and configuration values. This information is now exported correctly.
- Resolved an issue affecting Extensible Ingress when using a console proxy. Exposure Analytics traffic now correctly routes through the configured proxy, including authenticated proxies. A Security Console restart is required when using an authenticated proxy.
Digital Risk Protection (Threat Command)
Software release date: [June 19, 2026] | Release notes published: [July 6, 2026]
New:
- You can now control whether infostealer alerts include external user matches — credentials associated with a customer-owned domain but without an organizational email address. The toggle is located under Configurations > Customization in Digital Risk Protection (Threat Command), or under Intelligence > DRP Configurations > Customization in the Command Platform. External user alerting is on by default, preserving existing behavior. When turned off, monitoring stops for external email matches while internal organizational email monitoring continues. This setting applies to future alerts only and has no effect on existing or previously resolved alerts.
Rapid7 Agent (Insight Agent)
No updates released at this time.
Next-Generation Antivirus
No updates released at this time.
Ransomware Prevention
No updates released at this time.
Velociraptor
No updates released at this time.
Automation (InsightConnect)
No updates released at this time.